diff options
author | Rubin Xu <rubinxu@google.com> | 2020-06-02 04:52:33 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-06-02 04:52:33 +0000 |
commit | 0100d69c5c26173eec1bd1bea394c8305f3a3d0b (patch) | |
tree | 46d75021e9cb0c5e1b54b886d1045a6cb94c95a2 | |
parent | c26488a0d70a94752be50d769a27d56f96157b74 (diff) | |
parent | 0809cf96aa0a547150173bd0cb06452dce878d61 (diff) | |
download | v8-0100d69c5c26173eec1bd1bea394c8305f3a3d0b.tar.gz |
Fix integer overflow in NewFixedDoubleArray am: 0809cf96aa
Original change: undetermined
Change-Id: I69c32297a80a0c258f707a62a5e04acf1acf090c
-rw-r--r-- | src/heap/factory.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/heap/factory.cc b/src/heap/factory.cc index c8528f9f..2ac0d990 100644 --- a/src/heap/factory.cc +++ b/src/heap/factory.cc @@ -469,7 +469,7 @@ Handle<FixedArrayBase> Factory::NewFixedDoubleArray(int length, PretenureFlag pretenure) { DCHECK_LE(0, length); if (length == 0) return empty_fixed_array(); - if (length > FixedDoubleArray::kMaxLength) { + if (length < 0 || length > FixedDoubleArray::kMaxLength) { isolate()->heap()->FatalProcessOutOfMemory("invalid array length"); } int size = FixedDoubleArray::SizeFor(length); |